OAuth 2.0

Connection is a link between Make and 3rd party service/app. OAuth 2.0 connection handles the token exchange automatically.

Before you start configuring your OAuth 2.0 connection, you need to create an app on a 3rd-party service.

When creating an app, use:

  • https://www.make.com/oauth/cb/app as a callback URL together with oauth.makeRedirectUrivariable, or:

  • https://www.make.com/oauth/cb/app as a callback URL together with oauth.localRedirectUrivariable, if you are going to request approval of your app, or:

  • https://www.integromat.com/oauth/cb/app as an old callback URL together with oauth.redirectUri variable.

Components

Communication

pageCommunication

  • aws directive is not available

  • pagination directive is not available

  • response.limit is not available

  • response.iterate directive is not available

  • response.output is not available

  • response is extended with data

  • response is extended with expires

response.data

The data directive saves data to the connection so that it can be later accessed from a module through the connection variable. It functions similarly to the temp directive, except that data is persisted to the connection.

Example:

{
    "response": {
        "data": {
            "accessToken": "{{body.token}}"
        }
    }
}

This accessToken can be later accessed in any module that uses this connection like so:

{
    "url": "http://example.com",
    "qs": {
        "token": "{{connection.accessToken}}"
    }
}

response.expires

The expires directive says, when the refresh token (or whole connection when there's no refresh token) will expire. Don't change this with response.data.expires which is telling you when the current access token will need to be refreshed. When the expires period is overdue, the connection needs to be reauthorized manually. This can be done either from a scenario or the "Connections" tab.

Example:

{
    "response": {
        "expires": "{{addDays(now, 30)}}"
    }
}

Parameters

pageParameters

Parameters that the user should fill while creating a new connection.

Default Scope

pageScope

Default scope for every new connection.

Scope List

pageScope List

Collection of available scopes.

Common Data

pageConnections

Non-user-specific sensitive values like salts or secrets.

OAuth 2.0 Authentication Process

OAuth 2.0 authentication process consists of multiple steps. You are able to select the steps you need and ignore the steps that you don’t - just fill in the needed sections and delete unneeded ones.

Key

Type

Description

preauthorize

Request Specification

Describes a request that should be executed prior to authorize directive.

authorize

Request Specification

Describes authorization process.

token

Request Specification

Describes a request that exchanges credentials for tokens.

info

Request Specification

Describes a request that validates a connection. The most common way to validate the connection is to call an API’s method to get user’s information. Most of the APIs have such a method. info directive can be used to store account's metadata.

refresh

Request Specification

Describes a request that refreshes an access token.

invalidate

Request Specification

Describes a request that invalidates acquired access token.

Each section is responsible for executing its part in the OAuth 2.0 flow.

In short, you can describe the initial OAuth 2.0 flow as follows:

preauthorize => authorize => token => info

with preauthorize and info sections being optional, and refresh and invalidate not being a part of the initial OAuth 2.0 flow.

If the authorize directive isn't used, the condition in thetoken directive has to be set totrue.Otherwise, the token directive will not be successfully triggered.

Available IML variables

These IML variables are available for you to use everywhere in this module:

NameDescription

now

Current date and time.

environment

TBD

temp

Contains custom variables created via temp directive.

parameters

Contains connection’s input parameters.

common

Contains connection’s common data collection.

data

Contains connection’s data collection.

oauth.scope

Contains an array of scope required to be passed to OAuth 2.0 authorization process.

oauth.redirectUri

Contains redirect URL for OAuth 2.0 authorization process in this format: https://www.integromat.com/oauth/cb/app

oauth.localRedirectUri

Contains redirect URL for OAuth 2.0 authorization process in this format: https://www.make.com/oauth/cb/app or this format: https://www.private-instance.com/oauth/cb/app

oauth.makeRedirectUri

Contains redirect URL for OAuth 2.0 authorization process in this format: https://www.make.com/oauth/cb/app

Example

You can find the OAuth 2 connection example in one of our open-sourced apps, e.g. Smartsheet.

PreviousOAuth 1.0NextWebhooks

Last updated